mirror of
https://github.com/python/cpython.git
synced 2026-01-07 16:02:55 +00:00
85bbfa8a4b
Restore `subprocess`'s intended use of `vfork()` by default for performance on Linux;
also fixes the behavior of `extra_groups=[]` which was unintentionally broken in 3.12.0:
Fixed a performance regression in 3.12's :mod:`subprocess` on Linux where it
would no longer use the fast-path ``vfork()`` system call when it could have
due to a logic bug, instead falling back to the safe but slower ``fork()``.
Also fixed a security bug introduced in 3.12.0. If a value of ``extra_groups=[]``
was passed to :mod:`subprocess.Popen` or related APIs, the underlying
``setgroups(0, NULL)`` system call to clear the groups list would not be made
in the child process prior to ``exec()``.
The security issue was identified via code inspection in the process of
fixing the first bug. Thanks to @vain for the detailed report and
analysis in the initial bug on Github.
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| Build | ||
| C API | ||
| Core and Builtins | ||
| Documentation | ||
| IDLE | ||
| Library | ||
| macOS | ||
| Security | ||
| Tests | ||
| Tools-Demos | ||
| Windows | ||